Payment cards such as credit cards and debit cards are in widespread use. In some environments, payment cards in the form of magnetic stripe cards prevail in terms of popularity. In other environments, it is more common to use so-called “contactless” payment cards. With contactless payment cards, the payment card account number is stored in an integrated circuit (IC) within the card, and is read by short-range radio communication between the card and the contactless reader component of a point of sale (POS) terminal. With enhancements that have occurred to mobile phones, including smartphones, the capability has been added to perform NFC (near field communication) communications to enable so-called “contactless” payment cards to be digitized into these consumer devices. These mobile devices may utilize a secure element (SE) to store the payment card account number and associated data, keys and Personal Identification Number (PIN) to enable the consumer to perform a payment transaction using the NFC short-range radio communications provided by the mobile device and the contactless reader component of a POS terminal.
For many payment transactions utilizing payment-enabled mobile phones, it is customary to require “two factor” security—that is, the user must not only present a physical credential (the mobile phone), but in addition a procedure must be followed to verify that the individual presenting the credential is authorized to do so. This additional required procedure is sometimes referred to in the payment card industry as a “cardholder verification method”, or “CVM”. A widely used CVM prompts the user to enter a “PIN”, i.e., a “personal identification number”; for example this may be done via the user interface of the mobile phone. If the PIN, as entered by the user, is determined to be correct, either on-device, locally, or at a remote server, then the CVM requirement is considered to have been satisfied. There have also been many proposals for CVM requirements in which the user submits biometric information via the mobile phone.
The present inventors have now recognized that there are opportunities to increase the convenience and/or the sophistication of CVM processes for payment-enabled mobile phones and other mobile devices.